You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This is a feature request derived from the issues #1321 and #990.
Current situation
BiT allows to use a password safe to store passwords for local encryption and SSH (private key) via the Save Password to Keyring checkbox:
Problem description
Internally the keyring library is used to store and get the password(s).
keyring uses "drivers" (so called backends) to access password safes.
keyring does not know which of multiple installed password safes shall be used and uses a sensible default backend
(currently the so called ChainingBackend which iterates over all installed backends and chooses one using internal priorities).
This has several drawbacks:
Not all of the keyring backends are working (supported by) BiT - there is a whitelist in the code.
If keyring picks the wrong one the checkbox is disabled.
If new keyring versions or backends are installed eg. by other python-based apps keyring may pick another backend and can either no longer access a stored password or the backend not supported by BiT (see 1.)
a) This configuration cannot be viewed and changed in the GUI (usability issue).
b) If another application or user changes this per-user configuration file it also changes the backend the BiT uses.
If the "Save Password to Keyring" checkbox is grayed-out in the GUI the user has no chance to recognize the reason for this and what to change use a password safe.
The word "keyring" in the checkbox label "Save Password to Keyring" is difficult to understand because it is technical.
Expected behavior
The password safe (and the internally derived backend) setting must visible and changable in the GUI
Changing this setting shall not impact other apps
Changes of the per-user configuration file of the keyring backend shall have no impact on BiT unless the user willingly accepts this
If the "Save Password to Keyring" checkbox is grayed-out in the GUI (disabled) the user shall be able to recognize the reason for this and how to change it
Use a better name than "keyring" in the GUI
Non-functional: The BiT dependencies shall not be changed too much (eg. requiring a newer keyring library) to stay compatible with the currently supported OS landscape.
Proposed changes
Replace the term "keyring" in the "Save Password to Keyring" checkbox by eg. password safe ("keyring") to be more understandable.
Add a combo box to choose a password safe that BiT shall use for all profiles, eg. in the same row as the checkbox at the right side:
Used password safe (for all profiles):
The combo box shall show all installed and supported (by BiT) password safes and the underlying technical keyring backend in parens (since multiple backends may support the same password safe via different protocols).
The combo box shall additionally contain the entry Use the keyring default backend which uses the default backend of keyring (which may be made the default via the keyring configuration file).
The combo box shall additionally contain the entries and (if no supported backend is installed)
Store the selected password safe (backend) in the profile configuration - not in the keyring per-user config file!
Open questions
If the checkbox is grayed out: Does a user understand that a password safe must be selected in the combobox?
If no supported backend is installed there is no password safe a user could choose from.
How can a user recognize the required actions to enable (install) the backends and password safe?
Implementation hints
Simply use the keyring.set_keyring() function
Alternative: init_backend(limit=None) of keyring takes an optional limit (filter) argument which can
take a callable "filter function" with the signature shall_the_backend_be_added_to_the_chain(backend): Bool.
It sets the current backend to an instance of the marker backend fail.Keyring if no backend passed the filter
which could be used by BiT to report "no supported keyring backend available".
Decide if keyring.backends.chainer.ChainerBackend shall be added to the supported backends too.
It is a meta backend that interates over all other installed backends. Since it seems to be the default in keyring
it would always require to add a keyring config file manually (bad user experience ;-)
On the other hand ChainerBackend does not guarantee that a BiT-supported backend is really found and used.
So personally I'd prefer to either add a checkbox in the settings GUI to enable the Chainer or even better add add
a backend selector into the settings GUI.
This is a feature request derived from the issues #1321 and #990.
Current situation
BiT allows to use a password safe to store passwords for local encryption and SSH (private key) via the
Save Password to Keyring
checkbox:Problem description
Internally the
keyring
library is used to store and get the password(s).keyring
uses "drivers" (so calledbackends
) to access password safes.keyring
does not know which of multiple installed password safes shall be used and uses a sensible default backend(currently the so called
ChainingBackend
which iterates over all installed backends and chooses one using internal priorities).This has several drawbacks:
Not all of the
keyring
backends are working (supported by) BiT - there is a whitelist in the code.If
keyring
picks the wrong one the checkbox is disabled.If new
keyring
versions or backends are installed eg. by other python-based appskeyring
may pick another backend and can either no longer access a stored password or the backend not supported by BiT (see 1.)To select a fixed backend the end user of BiT has to create a config file and know the (technical backend name
(see https://github.com/bit-team/backintime#non-working-password-safe--bit-forgets-passwords-keyring-backend-issues).
a) This configuration cannot be viewed and changed in the GUI (usability issue).
b) If another application or user changes this per-user configuration file it also changes the backend the BiT uses.
If the "Save Password to Keyring" checkbox is grayed-out in the GUI the user has no chance to recognize the reason for this and what to change use a password safe.
The word "keyring" in the checkbox label "Save Password to Keyring" is difficult to understand because it is technical.
Expected behavior
keyring
backend shall have no impact on BiT unless the user willingly accepts thiskeyring
library) to stay compatible with the currently supported OS landscape.Proposed changes
password safe ("keyring")
to be more understandable.Used password safe (for all profiles):
keyring
backend in parens (since multiple backends may support the same password safe via different protocols).Use the keyring default backend
which uses the default backend ofkeyring
(which may be made the default via thekeyring
configuration file).keyring
per-user config file!Open questions
How can a user recognize the required actions to enable (install) the backends and password safe?
Implementation hints
Simply use the
keyring.set_keyring()
functionAlternative:
init_backend(limit=None)
ofkeyring
takes an optionallimit
(filter) argument which cantake a callable "filter function" with the signature
shall_the_backend_be_added_to_the_chain(backend): Bool
.It sets the current backend to an instance of the marker backend
fail.Keyring
if no backend passed the filterwhich could be used by BiT to report "no supported keyring backend available".
This requires
keyring
>= 17.1.https://github.com/jaraco/keyring/blob/bfa0148ab43ea9e592232c561971bf06712b625b/keyring/core.py#L101
Decide if
keyring.backends.chainer.ChainerBackend
shall be added to the supported backends too.It is a meta backend that interates over all other installed backends. Since it seems to be the default in
keyring
it would always require to add a keyring config file manually (bad user experience ;-)
On the other hand
ChainerBackend
does not guarantee that a BiT-supported backend is really found and used.So personally I'd prefer to either add a checkbox in the settings GUI to enable the Chainer or even better add add
a backend selector into the settings GUI.
See also this discussion with the
keyring
developer: "Save password to keyring" option is disabled #990 (comment)The text was updated successfully, but these errors were encountered: